Merge pull request #136 from cgwalters/clear-error-install-no-container

install: Give better error if not run in a podman container

lib/src/containerenv.rs

@@ -1,12 +1,13 @@
 //! Helpers for parsing the `/run/.containerenv` file generated by podman.
 
-use std::fs::File;
 use std::io::{BufRead, BufReader};
 
-use anyhow::{Context, Result};
+use anyhow::Result;
+use cap_std_ext::cap_std::fs::Dir;
+use cap_std_ext::prelude::CapStdExtDirExt;
 use fn_error_context::context;
 
-const PATH: &str = "/run/.containerenv";
+const PATH: &str = "run/.containerenv";
 
 #[derive(Debug, Default)]
 pub(crate) struct ContainerExecutionInfo {
@@ -18,11 +19,14 @@ pub(crate) struct ContainerExecutionInfo {
 }
 
 /// Load and parse the `/run/.containerenv` file.
-#[context("Parsing {PATH}")]
-pub(crate) fn get_container_execution_info() -> Result<ContainerExecutionInfo> {
-    let f = File::open(PATH)
-        .with_context(|| format!("Opening {PATH}"))
-        .map(BufReader::new)?;
+#[context("Querying container")]
+pub(crate) fn get_container_execution_info(rootfs: &Dir) -> Result<ContainerExecutionInfo> {
+    let f = match rootfs.open_optional(PATH)? {
+        Some(f) => BufReader::new(f),
+        None => {
+            anyhow::bail!("This command must be executed inside a podman container (missing {PATH}")
+        }
+    };
     let mut r = ContainerExecutionInfo::default();
     for line in f.lines() {
         let line = line?;

lib/src/install.rs

@@ -780,8 +780,11 @@ async fn prepare_install(
     crate::cli::require_root()?;
     require_systemd_pid1()?;
 
+    let rootfs = cap_std::fs::Dir::open_ambient_dir("/", cap_std::ambient_authority())
+        .context("Opening /")?;
+
     // This command currently *must* be run inside a privileged container.
-    let container_info = crate::containerenv::get_container_execution_info()?;
+    let container_info = crate::containerenv::get_container_execution_info(&rootfs)?;
     let source = SourceInfo::from_container(&container_info)?;
 
     ensure_var()?;